HPE Community
Operating System - HP-UX
1832285 Members
3634 Online
110041 Solutions
New Discussion

Cannot change password when su'ing

 
SOLVED
Go to solution
Pactiv Development
Advisor

‎05-01-2006 07:13 AM

‎05-01-2006 07:13 AM

Cannot change password when su'ing

I have a user that su's over to some application ID's - let's call it zzzzzzz in this example.

Due to lack of use, zzzzzzz was disabled due to the password expiration interval being exceeded. We used sam to reactivate/enable the account - which also genned a new random password. We passed the new temporary password along to the user.

When they su'ed over to the application ID, they received the following messages in rapid succession:

Your password has expired.
su: Password for zzzzzzz has expired. Choose new password and try again
su: Sorry

They are never given a chance to enter the old (temporary) password.

The only way I could get the user going was to su as root over to zzzzzzz, then enter the passwd command (which allowed me to enter the temporary password and then pick a new one).

But certainly the user needs the ability to su over and enter the temporary password.

Is there something special (or broken) when using su over to these application ID's?

Scott

0 Kudos
Reply
8 REPLIES 8
Steven E. Protter
Exalted Contributor

‎05-01-2006 07:23 AM

‎05-01-2006 07:23 AM

Re: Cannot change password when su'ing

Shalom Scott,

I've done the same sequence as you on trusted systems and not yielded the same results.

pwck
grpck

Lets see the intergrity of the databases here.

Also check /var/adm/syslog/syslog.log for messages. Maybe there was a short term problem.

You may wish to try re-enabling the password at the command line (man passwd) and see if you get a specific response.

Seems to me you did everything right.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
DCE
Honored Contributor

‎05-01-2006 07:37 AM

‎05-01-2006 07:37 AM

Re: Cannot change password when su'ing



How are the users connecting? Xterm, vt100 emulation?

Some emulators will send an unwanted, unseen, code when the neter key is pressed.

You could try either a different emulation package, or a different term type.

HTH

Dave
0 Kudos
Reply
Christian Tremblay
Trusted Contributor

‎05-02-2006 12:29 AM

‎05-02-2006 12:29 AM

Re: Cannot change password when su'ing

I don't think it's possible at all to change the password by using su.
You have to login directly into the target account using either telnet, rlogin, ssh or whatever you use, change the password and logout.

You will then be able to su to the account.
0 Kudos
Reply
RAC_1
Honored Contributor

‎05-02-2006 12:34 AM

‎05-02-2006 12:34 AM

Re: Cannot change password when su'ing

Any chance that password (old) was more than 8 chars and did not contain special chars-like *, @ etc.
There is no substitute to HARDWORK
0 Kudos
Reply
Pactiv Development
Advisor

‎05-02-2006 03:03 AM

‎05-02-2006 03:03 AM

Re: Cannot change password when su'ing

Dave -

We use Hummingbird Exceed Secure Shell 10.0 that sets up a xterm session. I can try this with Putty and see what happens.

Scott
0 Kudos
Reply
Pactiv Development
Advisor

‎05-02-2006 03:04 AM

‎05-02-2006 03:04 AM

Re: Cannot change password when su'ing

RAC -

No - the old password (generated by the system) was just 8 lower case characters.

Scott
0 Kudos
Reply
Pactiv Development
Advisor

‎05-02-2006 03:06 AM

‎05-02-2006 03:06 AM

Re: Cannot change password when su'ing

Christian -

Is this a restriction of the OS? We spedifically require users sign in with their personal ID's before they su over to application ID's (so we have an audit trail). If the OS disallows password change when coming in via su, this would be a problem.

Scott
0 Kudos
Reply
Christian Tremblay
Trusted Contributor

‎05-02-2006 03:56 AM

‎05-02-2006 03:56 AM

Solution

Re: Cannot change password when su'ing

SOX compliance indeed requires that every user logs in as himself before "su"ing to another account. But in the case of having to change a password you can't use su.

Possible workarounds could be to have the sysadmin reset the password and communicate it to the users or maybe setup a sudoers file that allows running the passwd command by the user with a NOPASSWD entry.

Some sites will just make an exception to the rule and allow users to login directly to a generic account ONCE to change the password.




Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.